Facebook data breach allows anyone to view your info via your phone number - it's a feature!

Hothardware confirms that a massive data breach found by a security enthusiast exposes your private information to total strangers.

"About a month ago I was just browsing Facebook on my Facebook mobile application and it had an option called 'Find friends using contacts' -- what it does is that it compares the contact list from your phone to the Facebook database to see if you have any friends that are in your contacts but not on your Facebook account," Prakash told The Next Web. "I also later figured out that simply 'searching' a person's phone number (including country code) will show you their account."

Using Prakash's method, a person could search a random phone number to view someone's full profile, and it works nearly every time since, according to Prakash, Facebook's privacy settings are confusing so most people haven't adequately protected themselves. That in and of itself isn't too egregious, but the fact that Prakash claimed he was able to write a script to cultivate a massive phone book of everyone who lets you look them up on Facebook is the scary part.

With Facebook's poor track record on security, its constant changes of settings, and now its asking 5 bucks from anyone to promote posts to strangers who are friends of friends, one wonders what their plan is. Facebook stock is bouncing like a snowball down a hill, so of course they have to hurry up and fix this security hole that affected 800 million users worldwide. Facebook tells CIO UK that the "bug" wasn't even a bug, it was a feature, and thus it's already been fixed.

"The ability to search for a person by phone number is intentional behaviour and not a bug in Facebook," Facebook said Tuesday in an emailed statement. "By default, your privacy settings allow everyone to find you with search and friend finder using the contact info you have provided, such as your email address and phone number. You can modify these settings at any time from the Privacy Settings page."

about the author

Dabitch Creative Director, CEO, hell-raising sweetheart and editor of Adland. Globetrotting Swede who has lived and worked in New York, London, San Francisco, Amsterdam, Copenhagen and Stockholm.

Comments (4)

  • Someone Who Enjoys His Privacy (not verified)

    It never ceases to amaze me how people put all manner of personal information on FB. Hell, I don't even use my real name, much less hand out phone numbers or use any of their spyware apps that allow companies to track me.

    And scripting "Anonymous Coward" into your name is childish. There are plenty of good reasons not to divulge personal information online. Which is ironic given your rant in this very article about privacy. If you don't understand that, you have no business writing about privacy. Grow up.

    Oct 13, 2012
  • kidsleepy

    No one is asking for your name. We are asking you to submit under SOME name: whatever name you choose. Anonymous Coward or otherwise.

    And since you were able to turn something childish into something unnecessarily self-righteous, I'm not sure why you're so offended by it.

    Oct 13, 2012
  • Dabitch

    Actually, adding "anonymous coward" as the default anon name is meant to nudge people into choosing another name, like you just did. It's such a common tactic Urban Dictionary knows it and many CMS systems have it set that way by default. When one leaves it as "Anonymous" people tend to forget or become lazy, and before you know it you have a thread of "anonymous" talking about different things and have difficulty following who said what. Slashdot (Wikipedia article), the place that inspired this site sixteen years ago, probably started using that name in the early nineties. Welcome to the intarwebs.

    But you knew that already, my Quebecois friend, you just wanted to call me childish, underneath a post where I'm talking about Facebook. Happy now? OK, back to the topic.

    If you're not using your name on Facebook, why are you even there? If you don't want to be tracked and data collected the simplest way is to not use it at all. Have your privacy and eat your cake too. Don't underestimate what IP numbers and phone footprints tell people about you when you use Facebook. If you're logging in, regardless of your name, Facebook's cookies will and do follow you around the web. To them the interesting data isn't that Joe Schmoe has an account, but the pattern of who Joe Schmoe talks to, befriends, and where he goes. You can have an account under any name you want, they got you.

    Oct 13, 2012
  • sport

    Dear Someone Who Enjoys His Privacy. So do I. So I chose a username that is not related to my real name.

    Oct 13, 2012
